Abstract: A method and system for secure and scalable key management for cryptographic processing of data is described herein. A method of secure key handling and cryptographic processing of data, comprising receiving a request from an entity to cryptographically process a block of data, the request including a key handle, wherein the key handle includes an authentication tag and an index; authenticating the requesting entity using the authentication tag; and referencing a plaintext key from a plurality of plaintext keys using the index if the requesting entity is authenticated successfully.

Abstract: A method for authorizing a service is disclosed. In the embodiment, the method involves receiving a packet carried via a first power signal according to an inductive wireless power transfer communications protocol, the packet received at a power receiver within a mobile device, extracting a password from the received packet, storing the extracted password in memory within the mobile device, transmitting the stored password in a packet via a second power signal according to the inductive wireless transfer communications protocol to authorize a service.

Abstract: A method includes extending an interface, to a device outside a firewall, for requesting a service performed by a device inside the firewall. The interface is extended using a software component, executing outside the firewall, which executes a separate interface to accept requests for services from devices outside the firewall. The separate interface, exposed outside the firewall, is configured for accepting a subset of the services available inside the firewall.

Abstract: Systems and methods are disclosed for managing online advertising data secure sharing. One method includes receiving, at a server, a request for proprietary data from a data consumer, the request including a data consumer identifier; retrieving, from a database of proprietary data, proprietary data based on the request; determining, by the server, whether the retrieved proprietary data is at least one of: designated to be processed and designated to have privileges set; processing, by the server, the proprietary data when the server determines the proprietary data is designated to be processed; setting one or more privileges to the proprietary data using the certificate associated with the data consumer identifier when the server determines the proprietary data is designated to have privileges set; encrypting the proprietary data using the certificate associated with the data consumer identifier; and transmitting the encrypted proprietary data to the data consumer.

Abstract: In various implementations, a plurality of non-private n-grams that satisfy a privacy criterion may be identified within a search log of private search queries and corresponding post-search activity. A plurality of query patterns may be generated based on the plurality of non-private n-grams. Aggregate search activity statistics associated with each of the plurality of query patterns may be determined from the search log. Aggregate search activity statistics associated with each query pattern may be indicative of search activity associated with a plurality of private search queries in the search log that match the query pattern. In response to a determination that aggregate search activity statistics for a given query pattern satisfy a performance criterion, a methodology for generating data that is presented in response to search queries that match the given query pattern may be altered based on aggregate search activity statistics associated with the given query pattern.

Abstract: An information processing system, an information processing method for use with the system, an information providing system, and information providing method for use with the system, an information processing apparatus, an information processing method for use with the apparatus, a doll, an object, a program storage medium, and a program for authenticating users reliably are provided. A user acquires beforehand a doll called Pochara the Good Friend incorporating an IC chip that stores a user ID for authenticating the user. When the user mounts the doll on a platform connected to a personal computer, the user ID is read from the IC chip by a reader housed in the platform and transmitted over the Internet to a Pochara service server. The server has a Pochara database holding personal information about users of the service. The transmitted user ID is checked against the personal information in the database for authentication. This invention applies advantageously to servers offering services through networks.

Abstract: The disclosure relates to a tamper protection device for protecting a field device against tampering. The tamper protection device includes a carrier and at least one electronic memory, wherein the at least one electronic memory is disposed in at least one partial area on the carrier, and the at least one electronic memory stores at least one predefinable security information item. The at least one electronic memory is configured to modify the predefinable security information item in the event of at least partial damage to the tamper protection device. The disclosure further relates to a method for producing a field device having a tamper protection device, to a field device comprising a tamper protection device, to a tamper protection system, and to the use of a tamper protection device.

Abstract: A device receives capability information associated with a next hop device of a wireless local area network (WLAN). The device also determines, based on the capability information, whether the next hop device is capable of implementing security for traffic, where the security includes a media access control (MAC) security standard and a layer 2 link security standard. The device further creates, via the MAC security standard, a secure channel with the next hop device when the next hop device is capable of providing security for traffic.

Abstract: In an embodiment, a data processing method comprises receiving a first instance of computer program data at a security unit having one or more processors; executing the first instance of the computer program data in a monitored environment; observing and recording identification information for each of a plurality of functions called by the first instance of the computer program data; sending the identification information to one or more security enforcement endpoints over a computer network; and generating one or more instructions describing security protections to implement for function calls not included in the identification information in a second instance of the computer program data, and sending the instructions to one or more security enforcement endpoints over a computer network.

Abstract: Signaling and verifying URL signatures for accessing URL addressable content in adaptive streaming. A plurality of URL authentication and URL authorization descriptors are provided for a plurality of URLs, wherein each URL authentication descriptor comprises information for verification key acquisition and for accessing an authentication tag for authenticating a given URL in the plurality of URLs according to an associated URL authentication scheme. Each URL authorization descriptor is for verification key acquisition and for accessing an authorization tag for authorizing access to content addressable by a given URL in the plurality of URLs according to an associated URL authentication scheme. A plurality of URL authentication and URL authorization descriptors for the plurality of URLs are communicated and each descriptor is verified in the communicated plurality of URL authentication and URL authorization descriptors for its given URL in the plurality of URLs according to its associated scheme.

Abstract: A secure microcontroller system comprising an integrated cache sub-system, crypto-engine, buffer sub-system and external memory is described according to various embodiments of the invention. The secure microcontroller incorporates block encryption methods to ensure that content communicated between the integrated microcontroller and external memory is protected and real-time performance of the system is maintained. Additionally, the microcontroller system provides a user-configurable memory write policy in which memory write protocols may be selected to balance data coherency and system performance.

Abstract: Methods, systems, and products protect personally identifiable information. Many websites acquire the personally identifiable information without a user's knowledge or permission. Here, though, the user may control what personally identifiable information is shared with any website. For example, the personally identifiable information may be read from a header of a packet and compared to a requirement associated with a domain name.

Abstract: A method begins with a processing module initiating a rebuilding process for an encoded data slice of a set of encoded data slices and generating rebuilding information from one or more other encoded data slices of the set of encoded data slices. The method continues with the processing module creating a rebuilt encoded data slice for the encoded data slice based on the rebuilding information. The method continues with the processing module determining whether another encoded data slice of the set of encoded data slices requires rebuilding and when the other encoded data slice requires rebuilding, the method continues with the processing module creating another rebuilt encoded data slice for the other encoded data slice based on the rebuilding information without initiating another rebuilding process for the other encoded data slice.

Abstract: An individual area controller of an industrial equipment management system controls access to an individual area which is a storage area that is associated with an individual ID on a server, based on the individual ID. A group area controller controls access to a group area which is a storage area that is associated with a group ID on a server, based on the individual ID that belongs to the group ID. A copy restrictor restricts copying of equipment information about an industrial equipment that is stored in the group area to the individual area.

Abstract: A multi-function identification system is described in the present invention. The system includes an appliance and a number of keys. Under a registration process, the system allows multiple appliances to be controlled by a single key or an appliance can be controlled by different keys. The system can also allow users to set specified actions to be conducted after identification processes are completed. That satisfies requirements of a multi-function identification. Meanwhile, the key is a plug-and play and on-the-go product. It is desired that the key is a host used for other purpose.

Abstract: Computer-implemented methods and apparatuses for recursive multi-layer examination for computer network security remediation is provided herein. Exemplary methods may include: receiving a first identifier associated with a first node; retrieving first metadata using the first identifier; identifying a second node in communication with the first node using the first metadata; ascertaining a first characteristic of each first communication between the first and second nodes using the first metadata; examining each first communication for malicious behavior using the first characteristic; receiving a first risk score for each first communication responsive to the examining; determining the first risk score associated with one of the second communications exceeds a first predetermined threshold and indicating the first and second nodes are malicious. Exemplary methods may further include: providing the identified malicious nodes and communications originating from or directed to the malicious nodes.

Abstract: In various embodiments, static, dynamic, and behavioral analyses may be performed on an application. A set of code fragments employed by the application may be determined. A set of device resources employed by the application may be determined. An application fingerprint is generated for the application and potentially malicious component and/or behaviors are identified. The application fingerprint encodes identifiers for the set of code fragments and identifiers for the set of device resources.

Abstract: A host-based antimalware client can interface with a server-based antimalware support server. A file is identified at a host device. It is determined whether local reputation data for the file is available at the host device for the file. A query is sent to an antimalware support system relating to the file. Particular reputation data is received from the antimalware support system corresponding to the query. It is determined whether to allow the file to be loaded on the host device based at least in part on the particular reputation data.

Abstract: In an approach for managing user profiles, a computer identifies a first user profile and one or more additional user profiles, wherein the first user profile is active on a computing device. The computer receives streaming data. The computer receives a trigger wherein the received trigger includes biometric data. The computer identifies a second user profile from the identified one or more additional user profiles that is associated with the received trigger. The computer compares biometric data from the second user profile with the biometric data in the received trigger. The computer determines whether the biometric data matches, within a defined tolerance level, the biometric data in the second user profile.

Abstract: In an approach for managing user profiles, a computer identifies a first user profile and one or more additional user profiles, wherein the first user profile is active on a computing device. The computer receives streaming data. The computer receives a trigger wherein the received trigger includes biometric data. The computer identifies a second user profile from the identified one or more additional user profiles that is associated with the received trigger. The computer compares biometric data from the second user profile with the biometric data in the received trigger. The computer determines whether the biometric data matches, within a defined tolerance level, the biometric data in the second user profile.